Kernel.org upload server utility
The program kup-server is expected to be the receiver of an ssh shell, configured with the following or similar options in ~/.ssh/authorized_keys:
command="/usr/bin/kup-server",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[...]
Each user should have their own UID, as Unix user permissions are used for specific tree access control. On the client side, a corresponding client-side utility kup is used to initiate the connection and perform the uploads.
The configuration file for kup-server is located in /etc/kup/kup-server.cfg and has the following options:
[paths]
All paths in this section should be disjoint. Do not combine any of them into one directory.
data_path = /var/lib/kup/pub
Path for public consumption, e.g. served via http or rsync.
git_path = /var/cache/git
This is the path where git trees (for the TAR and DIFF options) are available. Those should be read-only for the uploaders.
lock_file = /run/kup/lock
A common lock file for data_path. No program should modify the content in data_path without holding an flock on this file. It should be read-only for the uploaders.
tmp_path = /var/cache/kup/tmp/
tmp_path can be either:
1. A directory writable by every user and with the sticky bit set (typically mode 1777 or 1770). In that case, DO NOT end the path with a slash; or:
2. A directory containing an empty directory for each user (named for that user), owned by that user and mode 0700. In this case, DO end the path with a slash.
In either case, this directory tree MUST be on the same filesystem as data_path, since the script expects to create files in this directory and rename() them into data_path.
pgp_path = /var/lib/kup/pgp
A directory containing a GnuPG public keyring for each user, named <user>.gpg and readable (but not writable) by that user.
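The [paths] rules above (disjoint paths, tmp_path on the same filesystem as data_path, and the trailing-slash convention for tmp_path) can be checked before deployment. The following is an added example, not part of kup-server; the function names are hypothetical, and it assumes the file parses as plain INI with Python's configparser.

```python
import configparser
import os
import pwd
import stat

def load_paths(cfg_text):
    """Return the [paths] section as a dict (assumes plain INI syntax)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    return dict(cp["paths"])

def is_nested(a, b):
    """True if path a equals b or lies inside b, after resolving symlinks."""
    a, b = os.path.realpath(a), os.path.realpath(b)
    return os.path.commonpath([a, b]) == b

def audit_paths(paths):
    """Return a list of findings for a [paths] dict; an empty list means no issue."""
    findings = []
    names = sorted(paths)
    # Rule: all paths are disjoint, none equal to or inside another.
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            if is_nested(paths[x], paths[y]) or is_nested(paths[y], paths[x]):
                findings.append(f"{x} and {y} overlap")
    tmp, data = paths["tmp_path"], paths["data_path"]
    # Rule: rename() from tmp_path into data_path requires one filesystem.
    if os.stat(tmp).st_dev != os.stat(data).st_dev:
        findings.append("tmp_path and data_path are on different filesystems")
    if tmp.endswith("/"):
        # Trailing slash: one directory per user, mode 0700, owned by that user.
        for entry in os.scandir(tmp):
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISDIR(st.st_mode) or stat.S_IMODE(st.st_mode) != 0o700:
                findings.append(f"{entry.path} is not a mode 0700 directory")
            try:
                owner_ok = pwd.getpwnam(entry.name).pw_uid == st.st_uid
            except KeyError:
                owner_ok = False  # directory name matches no local account
            if not owner_ok:
                findings.append(f"{entry.path} is not owned by user {entry.name}")
    elif not os.stat(tmp).st_mode & stat.S_ISVTX:
        # No trailing slash: shared directory, so the sticky bit is required.
        findings.append("tmp_path is shared but lacks the sticky bit")
    return findings
```

Run it as root or as a user who can stat every configured path; a missing tmp_path or data_path raises FileNotFoundError rather than producing a finding.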
[limits]
All sizes are in bytes, all times in seconds.
max_data = 8589934592
Max size of uploaded data.
bufsiz = 262144
Buffer size when reading data.
timeout_command = 30
How long to wait for a command to time out.
timeout_data = 300
Must read at least bufsiz bytes in this timespan.
timeout_compress = 900
Uncompressing tarballs must take at most this long.
timeout_compress_cpu = 900
Each compression command must take at most this long in CPU time.
Written by H. Peter Anvin.
Copyright © 2011 Intel Corporation
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, Inc.; either version 2 of the License, or (at your option) any later version; incorporated herein by reference. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.